Johnny

Reputation: 95

Parameterized query doesn't work, no errors

Why doesn't the following query return any results? It gives no errors.

// Both the column name (@COL) and the search pattern (@searchKey) are supplied as bound parameters
SQLiteCommand sqliteCommand = new SQLiteCommand("SELECT * FROM " + table + " WHERE @COL LIKE @searchKey", DataBaseConnnection);
sqliteCommand.Parameters.Add("@searchKey", DbType.String).Value = SearchKeyWord;
sqliteCommand.Parameters.Add("@COL", DbType.String).Value = COLString;

Upvotes: 0

Views: 77

Answers (1)

D Stanley

Reputation: 152556

If you're trying to pass in a column name as a parameter, you can't do that. That query is comparing the literal value of the @COL parameter against the @searchKey pattern. It's perfectly legal syntax, but doesn't work like you want it to.

I suspect what you want is:

// The column name is concatenated into the SQL text; only the search pattern is a bound parameter
SQLiteCommand sqliteCommand = new SQLiteCommand("SELECT * FROM " + table 
                                              + " WHERE " + COLString 
                                              + " LIKE @searchKey", DataBaseConnnection);
sqliteCommand.Parameters.Add("@searchKey", DbType.String).Value = SearchKeyWord;

However, you should ONLY do this if you have COMPLETE control of the strings that can be passed in - otherwise you're open to SQL injection attacks.

Upvotes: 1
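An added example, not from the question or the answer above, that reproduces both points against the same SQLite engine using Python's sqlite3 module: binding the column name as a parameter makes SQLite compare the literal string, and the safe way to let callers pick a column is to check it against a fixed allow-list before it goes into the SQL text, keeping the search value as a bound parameter. The table, column names and rows are constructed for the example.

```python
import sqlite3

# Constructed in-memory table standing in for the question's `table`.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    con.executemany("INSERT INTO people (name, city) VALUES (?, ?)",
                    [("Alice", "Austin"), ("Bob", "Boston"), ("Anna", "Berlin")])
    return con

def search_column_as_parameter(con, column, pattern):
    """The question's approach: the column name is bound as a parameter.
    SQLite treats the bound value as a string literal, so this compares the
    text 'name' against the pattern, never the column's contents."""
    return con.execute("SELECT * FROM people WHERE ? LIKE ?", (column, pattern)).fetchall()

# Allow-list of columns a caller may search; anything else is rejected before
# it gets anywhere near the SQL text. This is the "complete control" the
# answer requires, enforced in code rather than assumed.
SEARCHABLE_COLUMNS = {"name", "city"}

def search_column_allowlisted(con, column, pattern):
    """The answer's approach made safe: the identifier is validated against the
    allow-list and quoted as an identifier; the pattern stays a bound parameter."""
    if column not in SEARCHABLE_COLUMNS:
        raise ValueError(f"column not searchable: {column!r}")
    ident = '"' + column.replace('"', '""') + '"'   # SQL identifier quoting
    return con.execute(f"SELECT * FROM people WHERE {ident} LIKE ?", (pattern,)).fetchall()
```

With the column bound as a parameter, `'name' LIKE 'A%'` is false for every row (no results, no error), while `'name' LIKE 'n%'` is true for every row, which is the tell-tale sign that the column name itself is being matched.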
